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REQUESTING 
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AUTHENTICATION 
SERVER 



_ 210a. REGISTER. 

PROVIDE DEVICE PUBLIC 
KEY AND IDENTITY 

_ _2J0iL REGISTER_REPL_Y._ _ 

'provide auth srvr public key 

216a. AS REQUEST. 



REQUEST TGT OR TIME SERVER TICKET 
DEVICE IDENTITY 

DEVICE DIFFIE-HELLMAN PUBLIC VALUE 
SIGNED WITH DEVICE'S PRIVATE KEY 
216b. AS REPLY. 



TGT OR TIME SERVER TICKET 
SERVER DIFFIE-HELLMAN PUBLIC VALUE 
SIGNED WITH AUTH SRVR PRIVATE KEY 
TICKET INCLUDES: 

-SESSION KEY 

-SERVER IDENTIFICATION 

-EXPIRATION TIME 
2nd COPY OF SESSION KEY 

-ENCRYPTED USING DIFFIE-HELLMAN 

KEY AGREEMENT 

220a. TGS REQUEST. 
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REQUEST TIME SERVER TICKET 
AUTHENTICATED WITH TGT SESSION KEY 
INCLUDES A TGT THAT HAS A COPY OF THE SESSION KEY 



-TICKET IS ENCRYPTED WITH TICKE 
220b. TGS REPLY. 



GRANTING SERVICE KEY 



WITH TIME SERVER TICKET, WHICH INCLUDES: 

-SESSION KEY 

-SERVER IDENTIFICATION 

-EXPIRATION TIME 
AUTHENTICATED WITH TGT SESSION KEY 
SECOND COPY OF SESSION KEY FROM TIME SERVER TICKET 

-ENCRYPTED WITH TGT SESSION KEY 

230a. SECURE TIME REQUEST 



TIME SERVER TICKET 

-ENCRYPTED WITH TIME SERVER SERVICE KEY 
RANDOM CLIENT NONCE I 
AUTHENTICATED WITH SESSION KEY FROM THE TICKET 

230b. SECURE TIME REPLY 



CURRENT TIME OF DAY 
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